Penn researchers work to make federal agents' radios more secure

[InfoSec News <alerts () infosecnews org>]

http://www.philly.com/philly/health_and_science/130094458.html

By Tom Avril
Inquirer Staff Writer
Sept. 19, 2011

When a team of University of Pennsylvania computer scientists set out to 
test the security of the encrypted two-way radios widely used by federal 
agents, they were in for an unnerving surprise:

For a small but significant part of the time, the radio traffic was not 
even encrypted.

All they had to do was turn on a store-bought receiver and they could 
hear agents discussing the identities of undercover agents and 
informants, locations of surveillance targets, and other sensitive 
details, the researchers reported in a study last month.

In one three-month period, the team said it picked up this kind of 
traffic for 23 minutes a day, on average, in several unidentified cities 
where listening posts were set up.

The researchers, who won an award for their paper at a national 
conference, are working with law enforcement agencies to alleviate 
problems through software tweaks and training. But they said they also 
identified other security flaws with the radios that may be harder to 
fix.

With a bit of technical know-how, they were able to jam radio 
transmissions using a modified toy - an instant-messaging device 
designed for preteens. In addition, by using a radio to send out 
unobtrusive "pings," they were able to track the location of all radios 
tuned to a given frequency, as well as the federal agency the users 
worked for.

"It's like Harry Potter's Marauder's Map," said lead author Sandy Clark, 
referring to the magical parchment that reveals the location of anyone 
at Hogwarts School.

[...]


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/